From: Marta Rybczynska <rybczyn...@gmail.com> This change adds a fix for an unitialized token structure in gnulib. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska <marta.rybczyn...@huawei.com> Signed-off-by: Steve Sakoman <st...@sakoman.com> --- ...mp-Fix-uninitialized-token-structure.patch | 53 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch diff --git a/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch b/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch new file mode 100644 index 0000000000..b6e3c7edbe --- /dev/null +++ b/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch @@ -0,0 +1,53 @@ +From 2af8df02cca7fd4b584575eac304cd03fa23f5cc Mon Sep 17 00:00:00 2001 +From: Darren Kenny <darren.ke...@oracle.com> +Date: Thu, 22 Oct 2020 13:54:06 +0000 +Subject: [PATCH] gnulib/regcomp: Fix uninitialized token structure + +The code is assuming that the value of br_token.constraint was +initialized to zero when it wasn't. + +While some compilers will ensure that, not all do, so it is better to +fix this explicitly than leave it to chance. + +Fixes: CID 73749 + +Signed-off-by: Darren Kenny <darren.ke...@oracle.com> +Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=75c3d3cec4f408848f575d6d5e30a95bd6313db0] +Signed-off-by: Marta Rybczynska <marta.rybczyn...@huawei.com> +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-uninit-structure.patch | 11 +++++++++++ + 2 files changed, 12 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-uninit-structure.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 9b01152..9e55458 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch +diff --git a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch +new file mode 100644 +index 0000000..7b4d9f6 +--- /dev/null ++++ b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch +@@ -0,0 +1,11 @@ ++--- a/lib/regcomp.c 2020-10-22 13:49:06.770168928 +0000 +++++ b/lib/regcomp.c 2020-10-22 13:50:37.026528298 +0000 ++@@ -3662,7 +3662,7 @@ ++ Idx alloc = 0; ++ #endif /* not RE_ENABLE_I18N */ ++ reg_errcode_t ret; ++- re_token_t br_token; +++ re_token_t br_token = {0}; ++ bin_tree_t *tree; ++ ++ sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index d2a1502d56..df2c8b8a16 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -55,6 +55,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0006-kern-efi-Fix-memory-leak-on-failure.patch \ file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch \ file://0008-gnulib-regexec-Resolve-unused-variable.patch \ + file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162359): https://lists.openembedded.org/g/openembedded-core/message/162359 Mute This Topic: https://lists.openembedded.org/mt/89389007/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
